./strace-static-x86_64 -e \!wait4,clock_nanosleep,nanosleep -s 100 -x -f ./syz-executor1832611167
<...>
Warning: Permanently added '10.128.10.0' (ED25519) to the list of known hosts.
execve("./syz-executor1832611167", ["./syz-executor1832611167"], 0x7ffd235e05f0 /* 10 vars */) = 0
brk(NULL) = 0x55555d8c5000
brk(0x55555d8c5d00) = 0x55555d8c5d00
arch_prctl(ARCH_SET_FS, 0x55555d8c5380) = 0
set_tid_address(0x55555d8c5650) = 5821
set_robust_list(0x55555d8c5660, 24) = 0
rseq(0x55555d8c5ca0, 0x20, 0, 0x53053053) = 0
prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0
readlink("/proc/self/exe", "/root/syz-executor1832611167", 4096) = 28
getrandom("\x13\xfd\xa4\x60\x65\x8a\x95\x24", 8, GRND_NONBLOCK) = 8
brk(NULL) = 0x55555d8c5d00
brk(0x55555d8e6d00) = 0x55555d8e6d00
brk(0x55555d8e7000) = 0x55555d8e7000
mprotect(0x7f559d28f000, 16384, PROT_READ) = 0
mmap(0x3ffffffff000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x3ffffffff000
mmap(0x400000000000, 16777216, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400000000000
mmap(0x400001000000, 4096, PROT_NONE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x400001000000
openat(AT_FDCWD, "/proc/self/make-it-fail", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_WRONLY) = 3
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/failslab/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_futex/ignore-private", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-highmem", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/ignore-gfp-wait", O_WRONLY|O_CLOEXEC) = 3
write(3, "N", 1) = 1
close(3) = 0
openat(AT_FDCWD, "/sys/kernel/debug/fail_page_alloc/min-order", O_WRONLY|O_CLOEXEC) = 3
write(3, "0", 1) = 1
close(3) = 0
mkdir("./syzkaller.Jyzsqa", 0700) = 0
chmod("./syzkaller.Jyzsqa", 0777) = 0
chdir("./syzkaller.Jyzsqa") = 0
mkdir("./0", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5823 attached
, child_tidptr=0x55555d8c5650) = 5823
[pid 5823] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5823] chdir("./0") = 0
[pid 5823] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5823] setpgid(0, 0) = 0
[pid 5823] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5823] write(3, "1000", 4) = 4
[pid 5823] close(3) = 0
[pid 5823] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5823] write(1, "executing program\n", 18executing program
) = 18
[pid 5823] memfd_create("syzkaller", 0) = 3
[pid 5823] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5823] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5823] munmap(0x7f5594c00000, 138412032) = 0
[pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5823] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5823] close(3) = 0
[pid 5823] close(4) = 0
[pid 5823] mkdir("./file0", 0777) = 0
[ 69.447223][ T5823] loop0: detected capacity change from 0 to 32768
[ 69.489728][ T5823] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5823)
[ 69.525708][ T5823] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 69.542783][ T5823] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 69.552233][ T5823] BTRFS info (device loop0): disk space caching is enabled
[ 69.560854][ T5823] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5823] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5823] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[ 69.665337][ T5823] BTRFS info (device loop0): rebuilding free space tree
[ 69.686537][ T5823] BTRFS info (device loop0): disabling free space tree
[ 69.693752][ T5823] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 69.704020][ T5823] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5823] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5823] ioctl(4, LOOP_CLR_FD) = 0
[pid 5823] close(4) = 0
[pid 5823] chdir("./file0") = 0
[pid 5823] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5823] write(4, "14", 2) = 2
[ 69.784760][ T5823] FAULT_INJECTION: forcing a failure.
[ 69.784760][ T5823] name failslab, interval 1, probability 0, space 0, times 1
[ 69.797834][ T5823] CPU: 1 UID: 0 PID: 5823 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 69.797865][ T5823] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 69.797878][ T5823] Call Trace:
[ 69.797884][ T5823]
[ 69.797891][ T5823] dump_stack_lvl+0x241/0x360
[ 69.797938][ T5823] ? __pfx_dump_stack_lvl+0x10/0x10
[ 69.797954][ T5823] ? __pfx__printk+0x10/0x10
[ 69.797978][ T5823] ? kmem_cache_alloc_lru_noprof+0x4d/0x390
[ 69.798003][ T5823] ? __pfx___might_resched+0x10/0x10
[ 69.798020][ T5823] ? smk_access+0x4ab/0x4e0
[ 69.798047][ T5823] should_fail_ex+0x40a/0x550
[ 69.798073][ T5823] should_failslab+0xac/0x100
[ 69.798096][ T5823] ? btrfs_alloc_inode+0x58/0x360
[ 69.798112][ T5823] kmem_cache_alloc_lru_noprof+0x75/0x390
[ 69.798136][ T5823] ? __pfx_btrfs_alloc_inode+0x10/0x10
[ 69.798155][ T5823] btrfs_alloc_inode+0x58/0x360
[ 69.798170][ T5823] ? __pfx_btrfs_alloc_inode+0x10/0x10
[ 69.798188][ T5823] alloc_inode+0x65/0x1a0
[ 69.798206][ T5823] new_inode+0x22/0x1d0
[ 69.798226][ T5823] btrfs_mkdir+0x4b/0x100
[ 69.798249][ T5823] vfs_mkdir+0x2f9/0x4f0
[ 69.798275][ T5823] do_mkdirat+0x264/0x3a0
[ 69.798292][ T5823] ? __check_object_size+0x47a/0x730
[ 69.798319][ T5823] ? __pfx_do_mkdirat+0x10/0x10
[ 69.798336][ T5823] ? strncpy_from_user+0x146/0x270
[ 69.798360][ T5823] ? getname_flags+0x1e3/0x540
[ 69.798380][ T5823] __x64_sys_mkdir+0x6c/0x80
[ 69.798399][ T5823] do_syscall_64+0xf3/0x230
[ 69.798425][ T5823] ? clear_bhb_loop+0x35/0x90
[ 69.798449][ T5823] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 69.798469][ T5823] RIP: 0033:0x7f559d21ccd7
[ 69.798487][ T5823] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5823] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5823] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5823] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5823, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 69.798500][ T5823] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 69.798524][ T5823] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 69.798535][ T5823] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 69.798545][ T5823] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 69.798555][ T5823] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 69.798564][ T5823] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 69.798589][ T5823]
umount2("./0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./0/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./0/binderfs") = 0
[ 70.166522][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./0/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./0/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./0/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./0/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./0") = 0
mkdir("./1", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5842 attached
, child_tidptr=0x55555d8c5650) = 5842
[pid 5842] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5842] chdir("./1") = 0
[pid 5842] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5842] setpgid(0, 0) = 0
[pid 5842] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5842] write(3, "1000", 4) = 4
[pid 5842] close(3) = 0
[pid 5842] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5842] write(1, "executing program\n", 18) = 18
[pid 5842] memfd_create("syzkaller", 0) = 3
[pid 5842] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5842] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5842] munmap(0x7f5594c00000, 138412032) = 0
[pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5842] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5842] close(3) = 0
[pid 5842] close(4) = 0
[pid 5842] mkdir("./file0", 0777) = 0
[ 70.770552][ T5842] loop0: detected capacity change from 0 to 32768
[ 70.824848][ T5842] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5842)
[ 70.862231][ T5842] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 70.873367][ T5842] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 70.882130][ T5842] BTRFS info (device loop0): disk space caching is enabled
[ 70.890543][ T5842] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5842] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5842] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5842] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5842] ioctl(4, LOOP_CLR_FD) = 0
[pid 5842] close(4) = 0
[pid 5842] chdir("./file0") = 0
[pid 5842] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5842] write(4, "14", 2) = 2
[ 70.950256][ T5842] BTRFS info (device loop0): rebuilding free space tree
[ 70.962084][ T5842] BTRFS info (device loop0): disabling free space tree
[ 70.969461][ T5842] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 70.979285][ T5842] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 71.018667][ T5842] FAULT_INJECTION: forcing a failure.
[ 71.018667][ T5842] name failslab, interval 1, probability 0, space 0, times 0
[ 71.031843][ T5842] CPU: 0 UID: 0 PID: 5842 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 71.031866][ T5842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 71.031877][ T5842] Call Trace:
[ 71.031883][ T5842]
[ 71.031891][ T5842] dump_stack_lvl+0x241/0x360
[ 71.031916][ T5842] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.031943][ T5842] ? __pfx__printk+0x10/0x10
[ 71.031968][ T5842] ? fs_reclaim_acquire+0x93/0x130
[ 71.031988][ T5842] ? __pfx___might_resched+0x10/0x10
[ 71.032011][ T5842] should_fail_ex+0x40a/0x550
[ 71.032035][ T5842] should_failslab+0xac/0x100
[ 71.032056][ T5842] ? security_inode_alloc+0x37/0x310
[ 71.032071][ T5842] kmem_cache_alloc_noprof+0x70/0x380
[ 71.032097][ T5842] security_inode_alloc+0x37/0x310
[ 71.032115][ T5842] inode_init_always_gfp+0xa0f/0xd90
[ 71.032138][ T5842] ? __pfx_btrfs_alloc_inode+0x10/0x10
[ 71.032155][ T5842] alloc_inode+0x9f/0x1a0
[ 71.032171][ T5842] new_inode+0x22/0x1d0
[ 71.032188][ T5842] btrfs_mkdir+0x4b/0x100
[ 71.032210][ T5842] vfs_mkdir+0x2f9/0x4f0
[ 71.032235][ T5842] do_mkdirat+0x264/0x3a0
[ 71.032251][ T5842] ? __check_object_size+0x47a/0x730
[ 71.032276][ T5842] ? __pfx_do_mkdirat+0x10/0x10
[ 71.032292][ T5842] ? strncpy_from_user+0x146/0x270
[ 71.032316][ T5842] ? getname_flags+0x1e3/0x540
[ 71.032336][ T5842] __x64_sys_mkdir+0x6c/0x80
[ 71.032359][ T5842] do_syscall_64+0xf3/0x230
[ 71.032379][ T5842] ? clear_bhb_loop+0x35/0x90
[ 71.032403][ T5842] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.032423][ T5842] RIP: 0033:0x7f559d21ccd7
[ 71.032439][ T5842] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 71.032452][ T5842] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[pid 5842] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5842] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5842] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5842, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./1", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./1/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./1/binderfs") = 0
[ 71.032469][ T5842] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 71.032479][ T5842] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 71.032489][ T5842] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 71.032499][ T5842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 71.032508][ T5842] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 71.032533][ T5842]
[ 71.295154][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./1/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./1/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./1/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./1/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./1") = 0
mkdir("./2", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d8c5650) = 5860
./strace-static-x86_64: Process 5860 attached
[pid 5860] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5860] chdir("./2") = 0
[pid 5860] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5860] setpgid(0, 0) = 0
[pid 5860] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5860] write(3, "1000", 4) = 4
[pid 5860] close(3) = 0
[pid 5860] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5860] write(1, "executing program\n", 18executing program
) = 18
[pid 5860] memfd_create("syzkaller", 0) = 3
[pid 5860] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5860] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5860] munmap(0x7f5594c00000, 138412032) = 0
[pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5860] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5860] close(3) = 0
[pid 5860] close(4) = 0
[pid 5860] mkdir("./file0", 0777) = 0
[ 71.644694][ T5860] loop0: detected capacity change from 0 to 32768
[ 71.689571][ T5860] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5860)
[ 71.710021][ T5860] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 71.720701][ T5860] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 71.730075][ T5860] BTRFS info (device loop0): disk space caching is enabled
[ 71.738042][ T5860] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5860] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5860] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5860] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5860] ioctl(4, LOOP_CLR_FD) = 0
[pid 5860] close(4) = 0
[pid 5860] chdir("./file0") = 0
[ 71.814885][ T5860] BTRFS info (device loop0): rebuilding free space tree
[ 71.826906][ T5860] BTRFS info (device loop0): disabling free space tree
[ 71.833910][ T5860] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 71.843754][ T5860] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5860] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5860] write(4, "14", 2) = 2
[ 71.906245][ T5860] FAULT_INJECTION: forcing a failure.
[ 71.906245][ T5860] name failslab, interval 1, probability 0, space 0, times 0
[ 71.919406][ T5860] CPU: 0 UID: 0 PID: 5860 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 71.919444][ T5860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 71.919455][ T5860] Call Trace:
[ 71.919461][ T5860]
[ 71.919467][ T5860] dump_stack_lvl+0x241/0x360
[ 71.919492][ T5860] ? __pfx_dump_stack_lvl+0x10/0x10
[ 71.919508][ T5860] ? __pfx__printk+0x10/0x10
[ 71.919533][ T5860] ? kmem_cache_alloc_lru_noprof+0x4d/0x390
[ 71.919557][ T5860] ? __pfx___might_resched+0x10/0x10
[ 71.919575][ T5860] ? smk_access+0x4ab/0x4e0
[ 71.919599][ T5860] should_fail_ex+0x40a/0x550
[ 71.919626][ T5860] should_failslab+0xac/0x100
[ 71.919657][ T5860] ? btrfs_alloc_inode+0x58/0x360
[ 71.919683][ T5860] kmem_cache_alloc_lru_noprof+0x75/0x390
[ 71.919709][ T5860] ? __pfx_btrfs_alloc_inode+0x10/0x10
[ 71.919727][ T5860] btrfs_alloc_inode+0x58/0x360
[ 71.919741][ T5860] ? __pfx_btrfs_alloc_inode+0x10/0x10
[ 71.919760][ T5860] alloc_inode+0x65/0x1a0
[ 71.919779][ T5860] new_inode+0x22/0x1d0
[ 71.919799][ T5860] btrfs_mkdir+0x4b/0x100
[ 71.919822][ T5860] vfs_mkdir+0x2f9/0x4f0
[ 71.919846][ T5860] do_mkdirat+0x264/0x3a0
[ 71.919861][ T5860] ? __check_object_size+0x47a/0x730
[ 71.919886][ T5860] ? __pfx_do_mkdirat+0x10/0x10
[ 71.919902][ T5860] ? strncpy_from_user+0x146/0x270
[ 71.919923][ T5860] ? getname_flags+0x1e3/0x540
[ 71.919941][ T5860] __x64_sys_mkdir+0x6c/0x80
[ 71.919960][ T5860] do_syscall_64+0xf3/0x230
[ 71.919981][ T5860] ? clear_bhb_loop+0x35/0x90
[ 71.920006][ T5860] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 71.920025][ T5860] RIP: 0033:0x7f559d21ccd7
[ 71.920040][ T5860] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[pid 5860] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5860] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5860] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5860, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 71.920052][ T5860] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 71.920069][ T5860] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 71.920081][ T5860] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 71.920091][ T5860] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 71.920101][ T5860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 71.920111][ T5860] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 71.920137][ T5860]
umount2("./2", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./2/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./2/binderfs") = 0
[ 72.251231][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./2/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./2/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./2/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./2/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./2") = 0
mkdir("./3", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5878 attached
, child_tidptr=0x55555d8c5650) = 5878
[pid 5878] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5878] chdir("./3") = 0
[pid 5878] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5878] setpgid(0, 0) = 0
[pid 5878] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5878] write(3, "1000", 4) = 4
[pid 5878] close(3) = 0
[pid 5878] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5878] write(1, "executing program\n", 18) = 18
[pid 5878] memfd_create("syzkaller", 0) = 3
[pid 5878] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5878] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5878] munmap(0x7f5594c00000, 138412032) = 0
[pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5878] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5878] close(3) = 0
[pid 5878] close(4) = 0
[pid 5878] mkdir("./file0", 0777) = 0
[ 72.873551][ T5878] loop0: detected capacity change from 0 to 32768
[ 72.906724][ T5878] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5878)
[ 72.932948][ T5878] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 72.944778][ T5878] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 72.955930][ T5878] BTRFS info (device loop0): disk space caching is enabled
[ 72.964152][ T5878] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5878] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5878] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5878] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5878] ioctl(4, LOOP_CLR_FD) = 0
[pid 5878] close(4) = 0
[pid 5878] chdir("./file0") = 0
[pid 5878] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5878] write(4, "14", 2) = 2
[ 73.047660][ T5878] BTRFS info (device loop0): rebuilding free space tree
[ 73.060660][ T5878] BTRFS info (device loop0): disabling free space tree
[ 73.069176][ T5878] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 73.079914][ T5878] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5878] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5878] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[ 73.106830][ T5878] FAULT_INJECTION: forcing a failure.
[ 73.106830][ T5878] name failslab, interval 1, probability 0, space 0, times 0
[ 73.142858][ T5878] CPU: 1 UID: 0 PID: 5878 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 73.142882][ T5878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 73.142891][ T5878] Call Trace:
[ 73.142897][ T5878]
[ 73.142904][ T5878] dump_stack_lvl+0x241/0x360
[ 73.142927][ T5878] ? __pfx_dump_stack_lvl+0x10/0x10
[ 73.142943][ T5878] ? __pfx__printk+0x10/0x10
[ 73.142966][ T5878] ? fs_reclaim_acquire+0x93/0x130
[ 73.142985][ T5878] ? __pfx___might_resched+0x10/0x10
[ 73.143008][ T5878] should_fail_ex+0x40a/0x550
[ 73.143035][ T5878] should_failslab+0xac/0x100
[ 73.143059][ T5878] __kmalloc_cache_noprof+0x70/0x390
[ 73.143074][ T5878] ? join_transaction+0x14d/0xe60
[ 73.143099][ T5878] join_transaction+0x14d/0xe60
[ 73.143117][ T5878] ? rcu_is_watching+0x15/0xb0
[ 73.143146][ T5878] start_transaction+0x770/0x16b0
[ 73.143180][ T5878] btrfs_create_common+0x1b2/0x2e0
[ 73.143204][ T5878] ? __pfx_btrfs_create_common+0x10/0x10
[ 73.143241][ T5878] ? btrfs_mkdir+0x7a/0x100
[ 73.143264][ T5878] vfs_mkdir+0x2f9/0x4f0
[ 73.143291][ T5878] do_mkdirat+0x264/0x3a0
[ 73.143308][ T5878] ? __check_object_size+0x47a/0x730
[ 73.143335][ T5878] ? __pfx_do_mkdirat+0x10/0x10
[ 73.143351][ T5878] ? strncpy_from_user+0x146/0x270
[ 73.143375][ T5878] ? getname_flags+0x1e3/0x540
[ 73.143395][ T5878] __x64_sys_mkdir+0x6c/0x80
[ 73.143415][ T5878] do_syscall_64+0xf3/0x230
[ 73.143436][ T5878] ? clear_bhb_loop+0x35/0x90
[ 73.143460][ T5878] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 73.143479][ T5878] RIP: 0033:0x7f559d21ccd7
[ 73.143493][ T5878] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 73.143506][ T5878] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 73.143523][ T5878] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[pid 5878] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5878, si_uid=0, si_status=SIGSEGV, si_utime=1 /* 0.01 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./3", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./3/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./3/binderfs") = 0
[ 73.143541][ T5878] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 73.143551][ T5878] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 73.143561][ T5878] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 73.143571][ T5878] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 73.143598][ T5878]
[ 73.429161][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./3/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./3/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./3/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./3/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./3") = 0
mkdir("./4", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5896 attached
, child_tidptr=0x55555d8c5650) = 5896
[pid 5896] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5896] chdir("./4") = 0
[pid 5896] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5896] setpgid(0, 0) = 0
[pid 5896] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5896] write(3, "1000", 4) = 4
[pid 5896] close(3) = 0
[pid 5896] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5896] write(1, "executing program\n", 18) = 18
[pid 5896] memfd_create("syzkaller", 0) = 3
[pid 5896] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5896] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5896] munmap(0x7f5594c00000, 138412032) = 0
[pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5896] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5896] close(3) = 0
[pid 5896] close(4) = 0
[pid 5896] mkdir("./file0", 0777) = 0
[ 73.771456][ T5896] loop0: detected capacity change from 0 to 32768
[ 73.804153][ T5896] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5896)
[ 73.824922][ T5896] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 73.835689][ T5896] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 73.846142][ T5896] BTRFS info (device loop0): disk space caching is enabled
[ 73.853969][ T5896] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5896] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5896] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5896] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5896] ioctl(4, LOOP_CLR_FD) = 0
[pid 5896] close(4) = 0
[pid 5896] chdir("./file0") = 0
[pid 5896] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5896] write(4, "14", 2) = 2
[ 73.943576][ T5896] BTRFS info (device loop0): rebuilding free space tree
[ 73.955755][ T5896] BTRFS info (device loop0): disabling free space tree
[ 73.963546][ T5896] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 73.973506][ T5896] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 74.007420][ T5896] FAULT_INJECTION: forcing a failure.
[ 74.007420][ T5896] name failslab, interval 1, probability 0, space 0, times 0
[ 74.021410][ T5896] CPU: 0 UID: 0 PID: 5896 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 74.021431][ T5896] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 74.021440][ T5896] Call Trace:
[ 74.021446][ T5896]
[ 74.021452][ T5896] dump_stack_lvl+0x241/0x360
[ 74.021476][ T5896] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.021493][ T5896] ? __pfx__printk+0x10/0x10
[ 74.021518][ T5896] ? fs_reclaim_acquire+0x93/0x130
[ 74.021539][ T5896] ? __pfx___might_resched+0x10/0x10
[ 74.021562][ T5896] should_fail_ex+0x40a/0x550
[ 74.021587][ T5896] should_failslab+0xac/0x100
[ 74.021611][ T5896] ? btrfs_create_new_inode+0x237/0x1fa0
[ 74.021626][ T5896] kmem_cache_alloc_noprof+0x70/0x380
[ 74.021653][ T5896] btrfs_create_new_inode+0x237/0x1fa0
[ 74.021672][ T5896] ? btrfs_qgroup_convert_reserved_meta+0xf2/0xdb0
[ 74.021699][ T5896] ? __pfx___mutex_unlock_slowpath+0x10/0x10
[ 74.021728][ T5896] ? record_root_in_trans+0x2d8/0x360
[ 74.021745][ T5896] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 74.021764][ T5896] ? btrfs_record_root_in_trans+0x16e/0x190
[ 74.021786][ T5896] ? start_transaction+0x3f8/0x16b0
[ 74.021824][ T5896] btrfs_create_common+0x1d4/0x2e0
[ 74.021849][ T5896] ? __pfx_btrfs_create_common+0x10/0x10
[ 74.021886][ T5896] ? btrfs_mkdir+0x7a/0x100
[ 74.021908][ T5896] vfs_mkdir+0x2f9/0x4f0
[ 74.021935][ T5896] do_mkdirat+0x264/0x3a0
[ 74.021953][ T5896] ? __check_object_size+0x47a/0x730
[ 74.021980][ T5896] ? __pfx_do_mkdirat+0x10/0x10
[ 74.021997][ T5896] ? strncpy_from_user+0x146/0x270
[ 74.022020][ T5896] ? getname_flags+0x1e3/0x540
[ 74.022040][ T5896] __x64_sys_mkdir+0x6c/0x80
[ 74.022060][ T5896] do_syscall_64+0xf3/0x230
[ 74.022079][ T5896] ? clear_bhb_loop+0x35/0x90
[ 74.022103][ T5896] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.022121][ T5896] RIP: 0033:0x7f559d21ccd7
[ 74.022136][ T5896] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.022149][ T5896] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 74.022166][ T5896] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 74.022177][ T5896] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 74.022187][ T5896] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[pid 5896] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 5896] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5896] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5896, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=26 /* 0.26 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./4", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./4/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./4/binderfs") = 0
[ 74.022196][ T5896] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 74.022206][ T5896] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 74.022232][ T5896]
[ 74.325243][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./4/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./4/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./4/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./4/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./4") = 0
mkdir("./5", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5914 attached
[pid 5914] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5914] chdir("./5"
[pid 5821] <... clone resumed>, child_tidptr=0x55555d8c5650) = 5914
[pid 5914] <... chdir resumed>) = 0
[pid 5914] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5914] setpgid(0, 0) = 0
[pid 5914] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5914] write(3, "1000", 4) = 4
[pid 5914] close(3) = 0
[pid 5914] symlink("/dev/binderfs", "./binderfs") = 0
executing program
[pid 5914] write(1, "executing program\n", 18) = 18
[pid 5914] memfd_create("syzkaller", 0) = 3
[pid 5914] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5914] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5914] munmap(0x7f5594c00000, 138412032) = 0
[pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5914] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5914] close(3) = 0
[pid 5914] close(4) = 0
[pid 5914] mkdir("./file0", 0777) = 0
[ 74.684819][ T5914] loop0: detected capacity change from 0 to 32768
[ 74.716273][ T5914] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5914)
[ 74.735141][ T5914] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 74.745980][ T5914] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 74.755739][ T5914] BTRFS info (device loop0): disk space caching is enabled
[ 74.763471][ T5914] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5914] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5914] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5914] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5914] ioctl(4, LOOP_CLR_FD) = 0
[pid 5914] close(4) = 0
[pid 5914] chdir("./file0") = 0
[pid 5914] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[ 74.841349][ T5914] BTRFS info (device loop0): rebuilding free space tree
[ 74.854115][ T5914] BTRFS info (device loop0): disabling free space tree
[ 74.861281][ T5914] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 74.871021][ T5914] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5914] write(4, "14", 2) = 2
[ 74.899574][ T5914] FAULT_INJECTION: forcing a failure.
[ 74.899574][ T5914] name failslab, interval 1, probability 0, space 0, times 0
[ 74.913696][ T5914] CPU: 0 UID: 0 PID: 5914 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 74.913720][ T5914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 74.913730][ T5914] Call Trace:
[ 74.913736][ T5914]
[ 74.913743][ T5914] dump_stack_lvl+0x241/0x360
[ 74.913769][ T5914] ? __pfx_dump_stack_lvl+0x10/0x10
[ 74.913785][ T5914] ? __pfx__printk+0x10/0x10
[ 74.913811][ T5914] ? fs_reclaim_acquire+0x93/0x130
[ 74.913831][ T5914] ? __pfx___might_resched+0x10/0x10
[ 74.913856][ T5914] should_fail_ex+0x40a/0x550
[ 74.913885][ T5914] should_failslab+0xac/0x100
[ 74.913909][ T5914] ? alloc_extent_state+0x25/0x310
[ 74.913922][ T5914] kmem_cache_alloc_noprof+0x70/0x380
[ 74.913952][ T5914] alloc_extent_state+0x25/0x310
[ 74.913971][ T5914] __set_extent_bit+0x1fd/0x1e60
[ 74.913995][ T5914] ? down_write_nested+0x195/0x220
[ 74.914024][ T5914] set_extent_bit+0x3b/0x50
[ 74.914043][ T5914] btrfs_alloc_tree_block+0x96b/0x1430
[ 74.914076][ T5914] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 74.914101][ T5914] ? irqentry_exit+0x63/0x90
[ 74.914120][ T5914] ? lockdep_hardirqs_on+0x99/0x150
[ 74.914151][ T5914] ? read_extent_buffer+0x10d/0x550
[ 74.914177][ T5914] btrfs_force_cow_block+0x526/0x1fd0
[ 74.914207][ T5914] ? __pfx_lock_acquire+0x10/0x10
[ 74.914242][ T5914] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 74.914262][ T5914] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x9b0
[ 74.914289][ T5914] ? down_write_nested+0x195/0x220
[ 74.914305][ T5914] ? __pfx_down_write_nested+0x10/0x10
[ 74.914325][ T5914] btrfs_cow_block+0x371/0x830
[ 74.914358][ T5914] btrfs_search_slot+0xc01/0x3180
[ 74.914407][ T5914] ? __pfx_btrfs_search_slot+0x10/0x10
[ 74.914427][ T5914] ? btrfs_create_new_inode+0xa4f/0x1fa0
[ 74.914445][ T5914] ? __pfx_lock_release+0x10/0x10
[ 74.914471][ T5914] ? _raw_spin_unlock+0x28/0x50
[ 74.914492][ T5914] ? do_raw_spin_unlock+0x13c/0x8b0
[ 74.914513][ T5914] btrfs_insert_empty_items+0x9c/0x1a0
[ 74.914538][ T5914] btrfs_create_new_inode+0xdec/0x1fa0
[ 74.914605][ T5914] ? record_root_in_trans+0x2d8/0x360
[ 74.914627][ T5914] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 74.914649][ T5914] ? btrfs_record_root_in_trans+0x16e/0x190
[ 74.914674][ T5914] ? start_transaction+0x3f8/0x16b0
[ 74.914712][ T5914] btrfs_create_common+0x1d4/0x2e0
[ 74.914737][ T5914] ? __pfx_btrfs_create_common+0x10/0x10
[ 74.914776][ T5914] ? btrfs_mkdir+0x7a/0x100
[ 74.914800][ T5914] vfs_mkdir+0x2f9/0x4f0
[ 74.914829][ T5914] do_mkdirat+0x264/0x3a0
[ 74.914848][ T5914] ? __check_object_size+0x47a/0x730
[ 74.914875][ T5914] ? __pfx_do_mkdirat+0x10/0x10
[ 74.914892][ T5914] ? strncpy_from_user+0x146/0x270
[ 74.914917][ T5914] ? getname_flags+0x1e3/0x540
[ 74.914938][ T5914] __x64_sys_mkdir+0x6c/0x80
[ 74.914958][ T5914] do_syscall_64+0xf3/0x230
[ 74.914979][ T5914] ? clear_bhb_loop+0x35/0x90
[ 74.915004][ T5914] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 74.915024][ T5914] RIP: 0033:0x7f559d21ccd7
[ 74.915040][ T5914] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 74.915052][ T5914] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 74.915069][ T5914] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[pid 5914] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid 5914] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5914] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5914, si_uid=0, si_status=SIGSEGV, si_utime=4 /* 0.04 s */, si_stime=22 /* 0.22 s */} ---
umount2("./5", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./5/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./5/binderfs") = 0
[ 74.915080][ T5914] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[ 74.915090][ T5914] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 74.915099][ T5914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 74.915109][ T5914] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 74.915138][ T5914]
[ 75.320771][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./5/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./5/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./5/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./5/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./5") = 0
mkdir("./6", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5932 attached
, child_tidptr=0x55555d8c5650) = 5932
[pid 5932] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5932] chdir("./6") = 0
[pid 5932] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5932] setpgid(0, 0) = 0
[pid 5932] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5932] write(3, "1000", 4) = 4
[pid 5932] close(3) = 0
[pid 5932] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5932] write(1, "executing program\n", 18executing program
) = 18
[pid 5932] memfd_create("syzkaller", 0) = 3
[pid 5932] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5932] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5932] munmap(0x7f5594c00000, 138412032) = 0
[pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5932] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5932] close(3) = 0
[pid 5932] close(4) = 0
[pid 5932] mkdir("./file0", 0777) = 0
[ 75.687596][ T5932] loop0: detected capacity change from 0 to 32768
[ 75.719766][ T5932] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5932)
[ 75.740047][ T5932] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 75.750807][ T5932] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 75.759797][ T5932] BTRFS info (device loop0): disk space caching is enabled
[ 75.768524][ T5932] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5932] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5932] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5932] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5932] ioctl(4, LOOP_CLR_FD) = 0
[ 75.846907][ T5932] BTRFS info (device loop0): rebuilding free space tree
[ 75.858022][ T5932] BTRFS info (device loop0): disabling free space tree
[ 75.865046][ T5932] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 75.874870][ T5932] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5932] close(4) = 0
[pid 5932] chdir("./file0") = 0
[pid 5932] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5932] write(4, "14", 2) = 2
[ 75.935031][ T5932] FAULT_INJECTION: forcing a failure.
[ 75.935031][ T5932] name failslab, interval 1, probability 0, space 0, times 0
[ 75.947836][ T5932] CPU: 1 UID: 0 PID: 5932 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 75.947858][ T5932] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 75.947868][ T5932] Call Trace:
[ 75.947873][ T5932]
[ 75.947880][ T5932] dump_stack_lvl+0x241/0x360
[ 75.947905][ T5932] ? __pfx_dump_stack_lvl+0x10/0x10
[ 75.947921][ T5932] ? __pfx__printk+0x10/0x10
[ 75.947946][ T5932] ? fs_reclaim_acquire+0x93/0x130
[ 75.947967][ T5932] ? __pfx___might_resched+0x10/0x10
[ 75.947993][ T5932] should_fail_ex+0x40a/0x550
[ 75.948021][ T5932] should_failslab+0xac/0x100
[ 75.948045][ T5932] ? alloc_extent_state+0x25/0x310
[ 75.948059][ T5932] kmem_cache_alloc_noprof+0x70/0x380
[ 75.948089][ T5932] alloc_extent_state+0x25/0x310
[ 75.948108][ T5932] __set_extent_bit+0x1fd/0x1e60
[ 75.948133][ T5932] ? down_write_nested+0x195/0x220
[ 75.948162][ T5932] set_extent_bit+0x3b/0x50
[ 75.948181][ T5932] btrfs_alloc_tree_block+0x96b/0x1430
[ 75.948217][ T5932] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 75.948241][ T5932] ? __lock_acquire+0x1397/0x2100
[ 75.948276][ T5932] ? read_extent_buffer+0x10d/0x550
[ 75.948302][ T5932] btrfs_force_cow_block+0x526/0x1fd0
[ 75.948333][ T5932] ? __pfx_lock_acquire+0x10/0x10
[ 75.948368][ T5932] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 75.948388][ T5932] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x9b0
[ 75.948414][ T5932] ? down_write_nested+0x195/0x220
[ 75.948438][ T5932] ? __pfx_down_write_nested+0x10/0x10
[ 75.948460][ T5932] btrfs_cow_block+0x371/0x830
[ 75.948493][ T5932] btrfs_search_slot+0xc01/0x3180
[ 75.948542][ T5932] ? __pfx_btrfs_search_slot+0x10/0x10
[ 75.948562][ T5932] ? btrfs_create_new_inode+0xa4f/0x1fa0
[ 75.948580][ T5932] ? __pfx_lock_release+0x10/0x10
[ 75.948605][ T5932] ? _raw_spin_unlock+0x28/0x50
[ 75.948627][ T5932] ? do_raw_spin_unlock+0x13c/0x8b0
[ 75.948649][ T5932] btrfs_insert_empty_items+0x9c/0x1a0
[ 75.948673][ T5932] btrfs_create_new_inode+0xdec/0x1fa0
[ 75.948708][ T5932] ? record_root_in_trans+0x2d8/0x360
[ 75.948728][ T5932] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 75.948750][ T5932] ? btrfs_record_root_in_trans+0x16e/0x190
[ 75.948799][ T5932] ? start_transaction+0x3f8/0x16b0
[ 75.948839][ T5932] btrfs_create_common+0x1d4/0x2e0
[ 75.948860][ T5932] ? __pfx_btrfs_create_common+0x10/0x10
[ 75.948893][ T5932] ? btrfs_mkdir+0x7a/0x100
[ 75.948917][ T5932] vfs_mkdir+0x2f9/0x4f0
[ 75.948946][ T5932] do_mkdirat+0x264/0x3a0
[ 75.948964][ T5932] ? __check_object_size+0x47a/0x730
[ 75.948992][ T5932] ? __pfx_do_mkdirat+0x10/0x10
[ 75.949009][ T5932] ? strncpy_from_user+0x146/0x270
[ 75.949034][ T5932] ? getname_flags+0x1e3/0x540
[ 75.949055][ T5932] __x64_sys_mkdir+0x6c/0x80
[ 75.949075][ T5932] do_syscall_64+0xf3/0x230
[ 75.949096][ T5932] ? clear_bhb_loop+0x35/0x90
[ 75.949120][ T5932] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 75.949140][ T5932] RIP: 0033:0x7f559d21ccd7
[ 75.949154][ T5932] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 75.949167][ T5932] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 75.949183][ T5932] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 75.949194][ T5932] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[pid 5932] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid 5932] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5932] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5932, si_uid=0, si_status=SIGSEGV, si_utime=5 /* 0.05 s */, si_stime=25 /* 0.25 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./6", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 75.949204][ T5932] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 75.949214][ T5932] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 75.949223][ T5932] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 75.949251][ T5932]
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./6/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./6/binderfs") = 0
[ 76.387559][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./6/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./6/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./6/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./6/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./6") = 0
mkdir("./7", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x55555d8c5650) = 5950
./strace-static-x86_64: Process 5950 attached
[pid 5950] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5950] chdir("./7") = 0
[pid 5950] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5950] setpgid(0, 0) = 0
[pid 5950] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5950] write(3, "1000", 4) = 4
[pid 5950] close(3) = 0
[pid 5950] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5950] write(1, "executing program\n", 18executing program
) = 18
[pid 5950] memfd_create("syzkaller", 0) = 3
[pid 5950] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5950] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5950] munmap(0x7f5594c00000, 138412032) = 0
[pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5950] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5950] close(3) = 0
[pid 5950] close(4) = 0
[pid 5950] mkdir("./file0", 0777) = 0
[ 76.875218][ T5950] loop0: detected capacity change from 0 to 32768
[ 76.906348][ T5950] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5950)
[ 76.931382][ T5950] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 76.942234][ T5950] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 76.953719][ T5950] BTRFS info (device loop0): disk space caching is enabled
[ 76.961880][ T5950] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5950] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5950] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5950] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5950] ioctl(4, LOOP_CLR_FD) = 0
[pid 5950] close(4) = 0
[pid 5950] chdir("./file0") = 0
[ 77.038471][ T5950] BTRFS info (device loop0): rebuilding free space tree
[ 77.051029][ T5950] BTRFS info (device loop0): disabling free space tree
[ 77.058330][ T5950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 77.068165][ T5950] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5950] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5950] write(4, "14", 2) = 2
[pid 5950] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[ 77.115386][ T5950] FAULT_INJECTION: forcing a failure.
[ 77.115386][ T5950] name failslab, interval 1, probability 0, space 0, times 0
[ 77.128854][ T5950] CPU: 1 UID: 0 PID: 5950 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 77.128878][ T5950] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 77.128887][ T5950] Call Trace:
[ 77.128893][ T5950]
[ 77.128900][ T5950] dump_stack_lvl+0x241/0x360
[ 77.128925][ T5950] ? __pfx_dump_stack_lvl+0x10/0x10
[ 77.128942][ T5950] ? __pfx__printk+0x10/0x10
[ 77.128967][ T5950] ? fs_reclaim_acquire+0x93/0x130
[ 77.128988][ T5950] ? __pfx___might_resched+0x10/0x10
[ 77.129013][ T5950] should_fail_ex+0x40a/0x550
[ 77.129041][ T5950] should_failslab+0xac/0x100
[ 77.129076][ T5950] ? alloc_extent_state+0x25/0x310
[ 77.129090][ T5950] kmem_cache_alloc_noprof+0x70/0x380
[ 77.129121][ T5950] alloc_extent_state+0x25/0x310
[ 77.129140][ T5950] __set_extent_bit+0x1fd/0x1e60
[ 77.129165][ T5950] ? down_write_nested+0x195/0x220
[ 77.129200][ T5950] set_extent_bit+0x3b/0x50
[ 77.129220][ T5950] btrfs_alloc_tree_block+0x96b/0x1430
[ 77.129256][ T5950] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 77.129281][ T5950] ? __lock_acquire+0x1397/0x2100
[ 77.129316][ T5950] ? read_extent_buffer+0x10d/0x550
[ 77.129342][ T5950] btrfs_force_cow_block+0x526/0x1fd0
[ 77.129374][ T5950] ? __pfx_lock_acquire+0x10/0x10
[ 77.129409][ T5950] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 77.129429][ T5950] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x9b0
[ 77.129456][ T5950] ? down_write_nested+0x195/0x220
[ 77.129472][ T5950] ? __pfx_down_write_nested+0x10/0x10
[ 77.129495][ T5950] btrfs_cow_block+0x371/0x830
[ 77.129528][ T5950] btrfs_search_slot+0xc01/0x3180
[ 77.129577][ T5950] ? __pfx_btrfs_search_slot+0x10/0x10
[ 77.129598][ T5950] ? btrfs_create_new_inode+0xa4f/0x1fa0
[ 77.129616][ T5950] ? __pfx_lock_release+0x10/0x10
[ 77.129641][ T5950] ? _raw_spin_unlock+0x28/0x50
[ 77.129662][ T5950] ? do_raw_spin_unlock+0x13c/0x8b0
[ 77.129684][ T5950] btrfs_insert_empty_items+0x9c/0x1a0
[ 77.129708][ T5950] btrfs_create_new_inode+0xdec/0x1fa0
[ 77.129743][ T5950] ? record_root_in_trans+0x2d8/0x360
[ 77.129763][ T5950] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 77.129785][ T5950] ? btrfs_record_root_in_trans+0x16e/0x190
[ 77.129810][ T5950] ? start_transaction+0x3f8/0x16b0
[ 77.129850][ T5950] btrfs_create_common+0x1d4/0x2e0
[ 77.129875][ T5950] ? __pfx_btrfs_create_common+0x10/0x10
[ 77.129915][ T5950] ? btrfs_mkdir+0x7a/0x100
[ 77.129939][ T5950] vfs_mkdir+0x2f9/0x4f0
[ 77.129967][ T5950] do_mkdirat+0x264/0x3a0
[ 77.129985][ T5950] ? __check_object_size+0x47a/0x730
[ 77.130013][ T5950] ? __pfx_do_mkdirat+0x10/0x10
[ 77.130030][ T5950] ? strncpy_from_user+0x146/0x270
[ 77.130062][ T5950] ? getname_flags+0x1e3/0x540
[ 77.130083][ T5950] __x64_sys_mkdir+0x6c/0x80
[ 77.130104][ T5950] do_syscall_64+0xf3/0x230
[ 77.130124][ T5950] ? clear_bhb_loop+0x35/0x90
[ 77.130150][ T5950] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 77.130169][ T5950] RIP: 0033:0x7f559d21ccd7
[ 77.130184][ T5950] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 77.130197][ T5950] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 77.130214][ T5950] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 77.130225][ T5950] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[pid 5950] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5950] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5950, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=23 /* 0.23 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./7", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./7/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./7/binderfs") = 0
[ 77.130235][ T5950] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 77.130245][ T5950] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 77.130255][ T5950] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 77.130284][ T5950]
[ 77.523979][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./7/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./7/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./7/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./7/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./7") = 0
mkdir("./8", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5968 attached
, child_tidptr=0x55555d8c5650) = 5968
[pid 5968] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5968] chdir("./8") = 0
[pid 5968] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5968] setpgid(0, 0) = 0
[pid 5968] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5968] write(3, "1000", 4) = 4
[pid 5968] close(3) = 0
[pid 5968] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5968] write(1, "executing program\n", 18executing program
) = 18
[pid 5968] memfd_create("syzkaller", 0) = 3
[pid 5968] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5968] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5968] munmap(0x7f5594c00000, 138412032) = 0
[pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5968] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5968] close(3) = 0
[pid 5968] close(4) = 0
[pid 5968] mkdir("./file0", 0777) = 0
[ 77.858660][ T5968] loop0: detected capacity change from 0 to 32768
[ 77.890055][ T5968] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5968)
[ 77.912956][ T5968] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 77.924376][ T5968] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 77.933768][ T5968] BTRFS info (device loop0): disk space caching is enabled
[ 77.941022][ T5968] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5968] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5968] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5968] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5968] ioctl(4, LOOP_CLR_FD) = 0
[pid 5968] close(4) = 0
[pid 5968] chdir("./file0") = 0
[pid 5968] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5968] write(4, "14", 2) = 2
[ 78.024453][ T5968] BTRFS info (device loop0): rebuilding free space tree
[ 78.038052][ T5968] BTRFS info (device loop0): disabling free space tree
[ 78.045730][ T5968] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 78.055483][ T5968] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[pid 5968] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[ 78.083659][ T5968] FAULT_INJECTION: forcing a failure.
[ 78.083659][ T5968] name failslab, interval 1, probability 0, space 0, times 0
[ 78.096841][ T5968] CPU: 0 UID: 0 PID: 5968 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 78.096864][ T5968] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 78.096874][ T5968] Call Trace:
[ 78.096880][ T5968]
[ 78.096887][ T5968] dump_stack_lvl+0x241/0x360
[ 78.096913][ T5968] ? __pfx_dump_stack_lvl+0x10/0x10
[ 78.096930][ T5968] ? __pfx__printk+0x10/0x10
[ 78.096985][ T5968] ? fs_reclaim_acquire+0x93/0x130
[ 78.097006][ T5968] ? __pfx___might_resched+0x10/0x10
[ 78.097032][ T5968] should_fail_ex+0x40a/0x550
[ 78.097060][ T5968] should_failslab+0xac/0x100
[ 78.097084][ T5968] ? alloc_extent_state+0x25/0x310
[ 78.097099][ T5968] kmem_cache_alloc_noprof+0x70/0x380
[ 78.097129][ T5968] alloc_extent_state+0x25/0x310
[ 78.097148][ T5968] __set_extent_bit+0x1fd/0x1e60
[ 78.097173][ T5968] ? down_write_nested+0x195/0x220
[ 78.097200][ T5968] set_extent_bit+0x3b/0x50
[ 78.097220][ T5968] btrfs_alloc_tree_block+0x96b/0x1430
[ 78.097256][ T5968] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 78.097280][ T5968] ? __lock_acquire+0x1397/0x2100
[ 78.097315][ T5968] ? read_extent_buffer+0x10d/0x550
[ 78.097341][ T5968] btrfs_force_cow_block+0x526/0x1fd0
[ 78.097371][ T5968] ? __pfx_lock_acquire+0x10/0x10
[ 78.097406][ T5968] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 78.097426][ T5968] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x9b0
[ 78.097453][ T5968] ? down_write_nested+0x195/0x220
[ 78.097469][ T5968] ? __pfx_down_write_nested+0x10/0x10
[ 78.097491][ T5968] btrfs_cow_block+0x371/0x830
[ 78.097524][ T5968] btrfs_search_slot+0xc01/0x3180
[ 78.097573][ T5968] ? __pfx_btrfs_search_slot+0x10/0x10
[ 78.097593][ T5968] ? btrfs_create_new_inode+0xa4f/0x1fa0
[ 78.097611][ T5968] ? __pfx_lock_release+0x10/0x10
[ 78.097636][ T5968] ? _raw_spin_unlock+0x28/0x50
[ 78.097656][ T5968] ? do_raw_spin_unlock+0x13c/0x8b0
[ 78.097678][ T5968] btrfs_insert_empty_items+0x9c/0x1a0
[ 78.097702][ T5968] btrfs_create_new_inode+0xdec/0x1fa0
[ 78.097737][ T5968] ? record_root_in_trans+0x2d8/0x360
[ 78.097757][ T5968] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 78.097778][ T5968] ? btrfs_record_root_in_trans+0x16e/0x190
[ 78.097802][ T5968] ? start_transaction+0x3f8/0x16b0
[ 78.097842][ T5968] btrfs_create_common+0x1d4/0x2e0
[ 78.097866][ T5968] ? __pfx_btrfs_create_common+0x10/0x10
[ 78.097905][ T5968] ? btrfs_mkdir+0x7a/0x100
[ 78.097929][ T5968] vfs_mkdir+0x2f9/0x4f0
[ 78.097964][ T5968] do_mkdirat+0x264/0x3a0
[ 78.097982][ T5968] ? __check_object_size+0x47a/0x730
[ 78.098009][ T5968] ? __pfx_do_mkdirat+0x10/0x10
[ 78.098026][ T5968] ? strncpy_from_user+0x146/0x270
[ 78.098051][ T5968] ? getname_flags+0x1e3/0x540
[ 78.098072][ T5968] __x64_sys_mkdir+0x6c/0x80
[ 78.098093][ T5968] do_syscall_64+0xf3/0x230
[ 78.098113][ T5968] ? clear_bhb_loop+0x35/0x90
[ 78.098137][ T5968] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 78.098156][ T5968] RIP: 0033:0x7f559d21ccd7
[ 78.098171][ T5968] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 78.098183][ T5968] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 78.098201][ T5968] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 78.098211][ T5968] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[pid 5968] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5968] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5968, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=25 /* 0.25 s */} ---
umount2("./8", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./8/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./8/binderfs") = 0
[ 78.098222][ T5968] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 78.098231][ T5968] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 78.098240][ T5968] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 78.098268][ T5968]
[ 78.485702][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./8/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./8/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./8/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./8/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./8") = 0
mkdir("./9", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 5986 attached
[pid 5986] set_robust_list(0x55555d8c5660, 24) = 0
[pid 5986] chdir("./9"
[pid 5821] <... clone resumed>, child_tidptr=0x55555d8c5650) = 5986
[pid 5986] <... chdir resumed>) = 0
[pid 5986] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 5986] setpgid(0, 0) = 0
[pid 5986] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 5986] write(3, "1000", 4) = 4
[pid 5986] close(3) = 0
[pid 5986] symlink("/dev/binderfs", "./binderfs") = 0
[pid 5986] write(1, "executing program\n", 18executing program
) = 18
[pid 5986] memfd_create("syzkaller", 0) = 3
[pid 5986] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 5986] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 5986] munmap(0x7f5594c00000, 138412032) = 0
[pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5986] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 5986] close(3) = 0
[pid 5986] close(4) = 0
[pid 5986] mkdir("./file0", 0777) = 0
[ 78.871127][ T5986] loop0: detected capacity change from 0 to 32768
[ 78.914401][ T5986] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (5986)
[ 78.938687][ T5986] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 78.950286][ T5986] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 78.961054][ T5986] BTRFS info (device loop0): disk space caching is enabled
[ 78.969228][ T5986] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[pid 5986] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 5986] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 5986] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 5986] ioctl(4, LOOP_CLR_FD) = 0
[pid 5986] close(4) = 0
[pid 5986] chdir("./file0") = 0
[pid 5986] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 5986] write(4, "14", 2) = 2
[pid 5986] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = 0
[pid 5986] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 5986] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=5986, si_uid=0, si_status=SIGSEGV, si_utime=2 /* 0.02 s */, si_stime=21 /* 0.21 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
[ 79.048219][ T5986] BTRFS info (device loop0): rebuilding free space tree
[ 79.059946][ T5986] BTRFS info (device loop0): disabling free space tree
[ 79.068101][ T5986] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[ 79.078119][ T5986] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
umount2("./9", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./9/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./9/binderfs") = 0
[ 79.205457][ T5821] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./9/file0", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_SYMLINK_NOFOLLOW) = 0
umount2("./9/file0", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./9/file0", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 4
newfstatat(4, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(4, 0x55555d8ce730 /* 2 entries */, 32768) = 48
getdents64(4, 0x55555d8ce730 /* 0 entries */, 32768) = 0
close(4) = 0
rmdir("./9/file0") = 0
getdents64(3, 0x55555d8c66f0 /* 0 entries */, 32768) = 0
close(3) = 0
rmdir("./9") = 0
mkdir("./10", 0777) = 0
openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 3
ioctl(3, LOOP_CLR_FD) = -1 ENXIO (No such device or address)
close(3) = 0
clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD./strace-static-x86_64: Process 6004 attached
[pid 6004] set_robust_list(0x55555d8c5660, 24
[pid 5821] <... clone resumed>, child_tidptr=0x55555d8c5650) = 6004
[pid 6004] <... set_robust_list resumed>) = 0
[pid 6004] chdir("./10") = 0
[pid 6004] prctl(PR_SET_PDEATHSIG, SIGKILL) = 0
[pid 6004] setpgid(0, 0) = 0
[pid 6004] openat(AT_FDCWD, "/proc/self/oom_score_adj", O_WRONLY|O_CLOEXEC) = 3
[pid 6004] write(3, "1000", 4) = 4
[pid 6004] close(3) = 0
[pid 6004] symlink("/dev/binderfs", "./binderfs") = 0
[pid 6004] write(1, "executing program\n", 18executing program
) = 18
[pid 6004] memfd_create("syzkaller", 0) = 3
[pid 6004] mmap(NULL, 138412032, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f5594c00000
[pid 6004] write(3, "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"..., 16777216) = 16777216
[pid 6004] munmap(0x7f5594c00000, 138412032) = 0
[pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6004] ioctl(4, LOOP_SET_FD, 3) = 0
[pid 6004] close(3) = 0
[pid 6004] close(4) = 0
[pid 6004] mkdir("./file0", 0777) = 0
[ 79.570975][ T6004] loop0: detected capacity change from 0 to 32768
[ 79.610214][ T6004] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz-executor183 (6004)
[ 79.633688][ T6004] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 79.643926][ T6004] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[ 79.653000][ T6004] BTRFS info (device loop0): disk space caching is enabled
[ 79.660253][ T6004] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[ 79.706144][ T6004] BTRFS info (device loop0): rebuilding free space tree
[ 79.733650][ T6004] BTRFS info (device loop0): disabling free space tree
[ 79.740603][ T6004] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[pid 6004] mount("/dev/loop0", "./file0", "btrfs", 0, "clear_cache,user_subvol_rm_allowed,compress-force=zlib,noautodefrag,autodefrag,autodefrag,max_inline"...) = 0
[pid 6004] openat(AT_FDCWD, "./file0", O_RDONLY|O_DIRECTORY) = 3
[pid 6004] openat(AT_FDCWD, "/dev/loop0", O_RDWR) = 4
[pid 6004] ioctl(4, LOOP_CLR_FD) = 0
[pid 6004] close(4) = 0
[pid 6004] chdir("./file0") = 0
[pid 6004] openat(AT_FDCWD, "/proc/thread-self/fail-nth", O_RDWR) = 4
[pid 6004] write(4, "14", 2) = 2
[ 79.751421][ T6004] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[ 79.785386][ T6004] FAULT_INJECTION: forcing a failure.
[ 79.785386][ T6004] name failslab, interval 1, probability 0, space 0, times 0
[ 79.798866][ T6004] CPU: 0 UID: 0 PID: 6004 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 79.798888][ T6004] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 79.798897][ T6004] Call Trace:
[ 79.798902][ T6004]
[ 79.798909][ T6004] dump_stack_lvl+0x241/0x360
[ 79.798932][ T6004] ? __pfx_dump_stack_lvl+0x10/0x10
[ 79.798947][ T6004] ? __pfx__printk+0x10/0x10
[ 79.798970][ T6004] ? fs_reclaim_acquire+0x93/0x130
[ 79.798991][ T6004] ? __pfx___might_resched+0x10/0x10
[ 79.799015][ T6004] should_fail_ex+0x40a/0x550
[ 79.799041][ T6004] should_failslab+0xac/0x100
[ 79.799064][ T6004] ? add_delayed_ref+0x19e/0x1e90
[ 79.799082][ T6004] kmem_cache_alloc_noprof+0x70/0x380
[ 79.799112][ T6004] add_delayed_ref+0x19e/0x1e90
[ 79.799147][ T6004] ? __set_extent_bit+0x16f4/0x1e60
[ 79.799172][ T6004] ? down_write_nested+0x195/0x220
[ 79.799194][ T6004] ? __pfx_add_delayed_ref+0x10/0x10
[ 79.799226][ T6004] btrfs_alloc_tree_block+0xdf8/0x1430
[ 79.799260][ T6004] ? __pfx_btrfs_alloc_tree_block+0x10/0x10
[ 79.799298][ T6004] ? read_extent_buffer+0x10d/0x550
[ 79.799323][ T6004] btrfs_force_cow_block+0x526/0x1fd0
[ 79.799352][ T6004] ? __pfx_lock_acquire+0x10/0x10
[ 79.799386][ T6004] ? __pfx_btrfs_force_cow_block+0x10/0x10
[ 79.799405][ T6004] ? btrfs_qgroup_add_swapped_blocks+0x8f0/0x9b0
[ 79.799430][ T6004] ? down_write_nested+0x195/0x220
[ 79.799446][ T6004] ? __pfx_down_write_nested+0x10/0x10
[ 79.799468][ T6004] btrfs_cow_block+0x371/0x830
[ 79.799501][ T6004] btrfs_search_slot+0xc01/0x3180
[ 79.799548][ T6004] ? __pfx_btrfs_search_slot+0x10/0x10
[ 79.799567][ T6004] ? btrfs_create_new_inode+0xa4f/0x1fa0
[ 79.799585][ T6004] ? __pfx_lock_release+0x10/0x10
[ 79.799610][ T6004] ? _raw_spin_unlock+0x28/0x50
[ 79.799632][ T6004] ? do_raw_spin_unlock+0x13c/0x8b0
[ 79.799654][ T6004] btrfs_insert_empty_items+0x9c/0x1a0
[ 79.799678][ T6004] btrfs_create_new_inode+0xdec/0x1fa0
[ 79.799712][ T6004] ? record_root_in_trans+0x2d8/0x360
[ 79.799732][ T6004] ? __pfx_btrfs_create_new_inode+0x10/0x10
[ 79.799755][ T6004] ? btrfs_record_root_in_trans+0x16e/0x190
[ 79.799790][ T6004] ? start_transaction+0x3f8/0x16b0
[ 79.799828][ T6004] btrfs_create_common+0x1d4/0x2e0
[ 79.799853][ T6004] ? __pfx_btrfs_create_common+0x10/0x10
[ 79.799893][ T6004] ? btrfs_mkdir+0x7a/0x100
[ 79.799917][ T6004] vfs_mkdir+0x2f9/0x4f0
[ 79.799946][ T6004] do_mkdirat+0x264/0x3a0
[ 79.799964][ T6004] ? __check_object_size+0x47a/0x730
[ 79.799990][ T6004] ? __pfx_do_mkdirat+0x10/0x10
[ 79.800005][ T6004] ? strncpy_from_user+0x146/0x270
[ 79.800030][ T6004] ? getname_flags+0x1e3/0x540
[ 79.800049][ T6004] __x64_sys_mkdir+0x6c/0x80
[ 79.800069][ T6004] do_syscall_64+0xf3/0x230
[ 79.800090][ T6004] ? clear_bhb_loop+0x35/0x90
[ 79.800116][ T6004] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 79.800135][ T6004] RIP: 0033:0x7f559d21ccd7
[ 79.800150][ T6004] Code: 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 53 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b8 ff ff ff f7 d8 64 89 01 48
[ 79.800163][ T6004] RSP: 002b:00007fff80f2fa58 EFLAGS: 00000246 ORIG_RAX: 0000000000000053
[ 79.800181][ T6004] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f559d21ccd7
[ 79.800192][ T6004] RDX: 0000000000020c28 RSI: 00000000000001ff RDI: 0000400000001080
[pid 6004] mkdir("\x13\x13\x77\xc5\xfc\x35\xd4\x14\x54\xd5\xd4\x1d\x29\xad\x1a\x60\x29\x59\x81\x46\xe6\xbe\x16\x6e\x41\xad\x0d\xbd\x40\x54\x03\x3c\x9f\x33\xbb\xda\x82\x24\xa2\xf3\xd7\x72\xe7\x63\x6e\x48\xb3\x3c\xbf\x70\x83\x72\xe8\xf1\xb9\x93\x3e\xc5\x12\x77\x43\xbe\x22\x06\x20\x9e\xf0\x2d\xf9\xcb\xf2\xf6\xe8\x80\xd3\x38\x2f", 0777) = -1 ENOMEM (Cannot allocate memory)
[pid 6004] --- SIGSEGV {si_signo=SIGSEGV, si_code=SEGV_MAPERR, si_addr=NULL} ---
[pid 6004] +++ killed by SIGSEGV +++
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_KILLED, si_pid=6004, si_uid=0, si_status=SIGSEGV, si_utime=3 /* 0.03 s */, si_stime=59 /* 0.59 s */} ---
restart_syscall(<... resuming interrupted clone ...>) = 0
umount2("./10", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
openat(AT_FDCWD, "./10", O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_DIRECTORY) = 3
[ 79.800202][ T6004] RBP: 0000400000001080 R08: 0000000000000003 R09: 0000000000000000
[ 79.800209][ T6004] R10: 0000000000000000 R11: 0000000000000246 R12: 0000400000000080
[ 79.800219][ T6004] R13: 00007fff80f2faf0 R14: 0000000000000000 R15: 0000000000000000
[ 79.800248][ T6004]
[ 79.800642][ T6004] BTRFS error (device loop0 state A): Transaction aborted (error -12)
[ 80.166802][ T6004] BTRFS: error (device loop0 state A) in btrfs_create_new_inode:6384: errno=-12 Out of memory
[ 80.177169][ T6004] BTRFS info (device loop0 state EA): forced readonly
newfstatat(3, "", {st_mode=S_IFDIR|0700, st_size=4096, ...}, AT_EMPTY_PATH) = 0
getdents64(3, 0x55555d8c66f0 /* 4 entries */, 32768) = 112
umount2("./10/binderfs", MNT_FORCE|UMOUNT_NOFOLLOW) = -1 EINVAL (Invalid argument)
newfstatat(AT_FDCWD, "./10/binderfs", {st_mode=S_IFLNK|0777, st_size=13, ...}, AT_SYMLINK_NOFOLLOW) = 0
unlink("./10/binderfs") = 0
[ 80.313140][ T5821] BTRFS info (device loop0 state EA): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[ 80.358352][ T5821] ------------[ cut here ]------------
[ 80.366343][ T5821] WARNING: CPU: 1 PID: 5821 at fs/btrfs/space-info.h:255 btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.377921][ T5821] Modules linked in:
[ 80.381993][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 80.393308][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 80.403524][ T5821] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.411010][ T5821] Code: 00 00 74 08 4c 89 ff e8 c8 ed 1b fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 e5 3c b7 fd 48 39 eb 73 1d e8 7b 3a b7 fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 0f 85 2e ff ff ff e9 31 ff ff
[ 80.430883][ T5821] RSP: 0018:ffffc900040bf8a8 EFLAGS: 00010293
[ 80.437178][ T5821] RAX: ffffffff840a8445 RBX: 00000000000ff000 RCX: ffff88802fd9da00
[ 80.445338][ T5821] RDX: 0000000000000000 RSI: 0000000000100000 RDI: 00000000000ff000
[ 80.453520][ T5821] RBP: 0000000000100000 R08: ffffffff840a843b R09: 1ffffffff20778ae
[ 80.461662][ T5821] R10: dffffc0000000000 R11: fffffbfff20778af R12: dffffc0000000000
[ 80.470217][ T5821] R13: 1ffff1100f479f0d R14: fffffffffff00000 R15: ffff88807a3cf868
[ 80.478660][ T5821] FS: 000055555d8c5380(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[ 80.487881][ T5821] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 80.494525][ T5821] CR2: 00007fff80f2eb5c CR3: 0000000034ad6000 CR4: 00000000003526f0
[ 80.502569][ T5821] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 80.510567][ T5821] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 80.518635][ T5821] Call Trace:
[ 80.521933][ T5821]
[ 80.524983][ T5821] ? __warn+0x165/0x4d0
[ 80.529192][ T5821] ? btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.536223][ T5821] ? report_bug+0x2b3/0x500
[ 80.541227][ T5821] ? btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.548187][ T5821] ? handle_bug+0x60/0x90
[ 80.552701][ T5821] ? exc_invalid_op+0x1a/0x50
[ 80.557405][ T5821] ? asm_exc_invalid_op+0x1a/0x20
[ 80.562533][ T5821] ? btrfs_space_info_update_bytes_may_use+0x35b/0x670
[ 80.569426][ T5821] ? btrfs_space_info_update_bytes_may_use+0x365/0x670
[ 80.576463][ T5821] ? btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.583420][ T5821] ? btrfs_space_info_update_bytes_may_use+0x365/0x670
[ 80.590298][ T5821] ? __pfx_lock_release+0x10/0x10
[ 80.595542][ T5821] btrfs_block_rsv_release+0x4f8/0x610
[ 80.601050][ T5821] ? kfree+0x196/0x430
[ 80.605203][ T5821] btrfs_release_global_block_rsv+0x33/0x270
[ 80.611203][ T5821] btrfs_free_block_groups+0xc3c/0x1080
[ 80.616851][ T5821] close_ctree+0x7b0/0xd90
[ 80.621299][ T5821] ? hook_sb_delete+0x888/0xbd0
[ 80.626211][ T5821] ? __pfx_close_ctree+0x10/0x10
[ 80.631187][ T5821] ? btrfs_is_data_extent_shared+0x3a1/0x1790
[ 80.637327][ T5821] ? __pfx_hook_sb_delete+0x10/0x10
[ 80.642587][ T5821] ? __pfx_evict_inodes+0x10/0x10
[ 80.647632][ T5821] ? __pfx_btrfs_put_super+0x10/0x10
[ 80.653056][ T5821] generic_shutdown_super+0x139/0x2d0
[ 80.658471][ T5821] kill_anon_super+0x3b/0x70
[ 80.663121][ T5821] btrfs_kill_super+0x41/0x50
[ 80.667809][ T5821] deactivate_locked_super+0xc4/0x130
[ 80.673266][ T5821] cleanup_mnt+0x41f/0x4b0
[ 80.677700][ T5821] ? lockdep_hardirqs_on+0x99/0x150
[ 80.682950][ T5821] task_work_run+0x24f/0x310
[ 80.687560][ T5821] ? __pfx_task_work_run+0x10/0x10
[ 80.692770][ T5821] ? path_umount+0x211/0xf80
[ 80.697398][ T5821] ptrace_notify+0x2d9/0x380
[ 80.702019][ T5821] ? __x64_sys_umount+0x123/0x170
[ 80.707088][ T5821] ? user_path_at+0x44/0x60
[ 80.711585][ T5821] ? __pfx_ptrace_notify+0x10/0x10
[ 80.716768][ T5821] ? kmem_cache_free+0x195/0x410
[ 80.721725][ T5821] ? __x64_sys_umount+0x123/0x170
[ 80.726896][ T5821] syscall_exit_work+0xc7/0x1d0
[ 80.731788][ T5821] syscall_exit_to_user_mode+0x24a/0x340
[ 80.737511][ T5821] do_syscall_64+0x100/0x230
[ 80.742127][ T5821] ? clear_bhb_loop+0x35/0x90
[ 80.746956][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 80.752933][ T5821] RIP: 0033:0x7f559d21f077
[ 80.757343][ T5821] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 80.777004][ T5821] RSP: 002b:00007fff80f2eb48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 80.785486][ T5821] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f559d21f077
[ 80.793501][ T5821] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff80f2ec00
[ 80.801483][ T5821] RBP: 00007fff80f2ec00 R08: 0000000000000000 R09: 0000000000000000
[ 80.809520][ T5821] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff80f2fc80
[ 80.817539][ T5821] R13: 000055555d8c66c0 R14: 431bde82d7b634db R15: 00007fff80f2fca0
[ 80.825579][ T5821]
[ 80.828625][ T5821] Kernel panic - not syncing: kernel: panic_on_warn set ...
[ 80.835909][ T5821] CPU: 1 UID: 0 PID: 5821 Comm: syz-executor183 Not tainted 6.14.0-rc4-syzkaller-00242-g7a5668899f54 #0
[ 80.847029][ T5821] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
[ 80.857100][ T5821] Call Trace:
[ 80.860390][ T5821]
[ 80.863320][ T5821] dump_stack_lvl+0x241/0x360
[ 80.868001][ T5821] ? __pfx_dump_stack_lvl+0x10/0x10
[ 80.873210][ T5821] ? __pfx__printk+0x10/0x10
[ 80.877821][ T5821] ? _printk+0xd5/0x120
[ 80.882004][ T5821] ? __init_begin+0x41000/0x41000
[ 80.887064][ T5821] ? vscnprintf+0x5d/0x90
[ 80.891403][ T5821] panic+0x349/0x880
[ 80.895305][ T5821] ? __warn+0x174/0x4d0
[ 80.899464][ T5821] ? __pfx_panic+0x10/0x10
[ 80.903893][ T5821] __warn+0x344/0x4d0
[ 80.907878][ T5821] ? btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.914727][ T5821] report_bug+0x2b3/0x500
[ 80.919062][ T5821] ? btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.925914][ T5821] handle_bug+0x60/0x90
[ 80.930084][ T5821] exc_invalid_op+0x1a/0x50
[ 80.934595][ T5821] asm_exc_invalid_op+0x1a/0x20
[ 80.939449][ T5821] RIP: 0010:btrfs_space_info_update_bytes_may_use+0x366/0x670
[ 80.946905][ T5821] Code: 00 00 74 08 4c 89 ff e8 c8 ed 1b fe 49 8b 1f 48 89 df 48 8b 6c 24 20 48 89 ee e8 e5 3c b7 fd 48 39 eb 73 1d e8 7b 3a b7 fd 90 <0f> 0b 90 45 31 f6 43 80 7c 25 00 00 0f 85 2e ff ff ff e9 31 ff ff
[ 80.966524][ T5821] RSP: 0018:ffffc900040bf8a8 EFLAGS: 00010293
[ 80.972600][ T5821] RAX: ffffffff840a8445 RBX: 00000000000ff000 RCX: ffff88802fd9da00
[ 80.980613][ T5821] RDX: 0000000000000000 RSI: 0000000000100000 RDI: 00000000000ff000
[ 80.988596][ T5821] RBP: 0000000000100000 R08: ffffffff840a843b R09: 1ffffffff20778ae
[ 80.996590][ T5821] R10: dffffc0000000000 R11: fffffbfff20778af R12: dffffc0000000000
[ 81.004568][ T5821] R13: 1ffff1100f479f0d R14: fffffffffff00000 R15: ffff88807a3cf868
[ 81.012600][ T5821] ? btrfs_space_info_update_bytes_may_use+0x35b/0x670
[ 81.019454][ T5821] ? btrfs_space_info_update_bytes_may_use+0x365/0x670
[ 81.026307][ T5821] ? btrfs_space_info_update_bytes_may_use+0x365/0x670
[ 81.033196][ T5821] ? __pfx_lock_release+0x10/0x10
[ 81.038260][ T5821] btrfs_block_rsv_release+0x4f8/0x610
[ 81.043732][ T5821] ? kfree+0x196/0x430
[ 81.047805][ T5821] btrfs_release_global_block_rsv+0x33/0x270
[ 81.053788][ T5821] btrfs_free_block_groups+0xc3c/0x1080
[ 81.059338][ T5821] close_ctree+0x7b0/0xd90
[ 81.063760][ T5821] ? hook_sb_delete+0x888/0xbd0
[ 81.068693][ T5821] ? __pfx_close_ctree+0x10/0x10
[ 81.073631][ T5821] ? btrfs_is_data_extent_shared+0x3a1/0x1790
[ 81.079729][ T5821] ? __pfx_hook_sb_delete+0x10/0x10
[ 81.084948][ T5821] ? __pfx_evict_inodes+0x10/0x10
[ 81.089985][ T5821] ? __pfx_btrfs_put_super+0x10/0x10
[ 81.095355][ T5821] generic_shutdown_super+0x139/0x2d0
[ 81.100725][ T5821] kill_anon_super+0x3b/0x70
[ 81.105314][ T5821] btrfs_kill_super+0x41/0x50
[ 81.109996][ T5821] deactivate_locked_super+0xc4/0x130
[ 81.115367][ T5821] cleanup_mnt+0x41f/0x4b0
[ 81.119782][ T5821] ? lockdep_hardirqs_on+0x99/0x150
[ 81.124978][ T5821] task_work_run+0x24f/0x310
[ 81.129571][ T5821] ? __pfx_task_work_run+0x10/0x10
[ 81.134683][ T5821] ? path_umount+0x211/0xf80
[ 81.139377][ T5821] ptrace_notify+0x2d9/0x380
[ 81.143961][ T5821] ? __x64_sys_umount+0x123/0x170
[ 81.149022][ T5821] ? user_path_at+0x44/0x60
[ 81.153526][ T5821] ? __pfx_ptrace_notify+0x10/0x10
[ 81.158715][ T5821] ? kmem_cache_free+0x195/0x410
[ 81.163675][ T5821] ? __x64_sys_umount+0x123/0x170
[ 81.168720][ T5821] syscall_exit_work+0xc7/0x1d0
[ 81.173592][ T5821] syscall_exit_to_user_mode+0x24a/0x340
[ 81.179458][ T5821] do_syscall_64+0x100/0x230
[ 81.184596][ T5821] ? clear_bhb_loop+0x35/0x90
[ 81.189648][ T5821] entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 81.195658][ T5821] RIP: 0033:0x7f559d21f077
[ 81.200430][ T5821] Code: 07 00 48 83 c4 08 5b 5d c3 66 2e 0f 1f 84 00 00 00 00 00 c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 b8 ff ff ff f7 d8 64 89 02 b8
[ 81.220228][ T5821] RSP: 002b:00007fff80f2eb48 EFLAGS: 00000206 ORIG_RAX: 00000000000000a6
[ 81.228847][ T5821] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 00007f559d21f077
[ 81.236853][ T5821] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff80f2ec00
[ 81.244836][ T5821] RBP: 00007fff80f2ec00 R08: 0000000000000000 R09: 0000000000000000
[ 81.252804][ T5821] R10: 00000000ffffffff R11: 0000000000000206 R12: 00007fff80f2fc80
[ 81.260769][ T5821] R13: 000055555d8c66c0 R14: 431bde82d7b634db R15: 00007fff80f2fca0
[ 81.268769][ T5821]
[ 81.272071][ T5821] Kernel Offset: disabled
[ 81.276444][ T5821] Rebooting in 86400 seconds..